Executive Summary

Summary
Title Sun Alert 250306 A Security Vulnerability in the Solaris NFS Daemon (nfsd(1M)) May Allow Unauthorized Access to Data
Informations
Name SUN-250306 First vendor Publication 2009-03-09
Vendor Sun Last vendor Modification 2009-03-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System OpenSolaris

A security vulnerability in the Solaris NFS server (nfsd(1M)) may grant multiple security modes to certain NFSv3 remote clients and thereby allow remote unprivileged users on those clients to gain unauthorized access to shared files.

Sun acknowledges with thanks Daniel Van Derveer, for discovering and reporting this issue.

State: Resolved
First released: 09-Mar-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_250306_a_security

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 180
Os 1
Os 1

OpenVAS Exploits

Date Description
2009-06-03 Name : Solaris Update for Obsoleted by 139462-02
File : nvt/gb_solaris_139462_02.nasl
2009-06-03 Name : Solaris Update for Obsoleted by 139463-02
File : nvt/gb_solaris_139463_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52560 Solaris NFS Daemon sec=sys / sec=krb5 Security Mode Restriction Bypass